#51 2013-12-08 13:52:04

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

sonic wrote:
Nyr wrote:

Third search result on Bing:
http://serverfault.com/questions/71310/ … -addresses

Just change that to a /32 if that's what you want.

Don't worry about payment, I don't currently charge anything for linking to serverfault.

Please do an auto script for this, I want to pay :D

Sorry, that's not something I want to include on the main script at the moment.

It would involve using user-specific configs on the server side so we can assign static internal IPs, then adding routes for each client and doing the SNAT individually. Pretty trivial to set up on one server, but a bit more work is required to script it decently and make it bulletproof, plus it would be confusing for the users of the main script, since they would be asked to set up internal static addresses and then NAT them to the public ones.

Also, it will break using one cert for two simultaneous connections (except obviously, if more scripting work is involved).

Google about the client-config-dir directive and then you can push static addresses individually, using custom iptables for each user to reach the Internet. Or send me an email with whatever configuration you exactly require to be done and I will get back to you with a quote. Adding that to the main script isn't something on the papers right now.

Offline
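
Added example, not part of Nyr's post or of the installer script: the manual setup the post describes, with one client-config-dir file per client and one SNAT rule per client. The client names, slot numbering, function names and 203.0.113.x public addresses are constructed; the 10.8.0.x net30 layout matches the logs posted further down the thread.

```bash
#!/usr/bin/env bash
# Added example: static tunnel IPs via client-config-dir plus one SNAT rule per client.
# Constructed values: client names, 203.0.113.x public addresses, output directory.
set -eu

VPN_PREFIX="10.8.0"   # tunnel subnet seen in the thread's logs

# With "topology net30" each client owns a /30: slot n gives peer .(4n+1), client .(4n+2).
# Slot 0 (10.8.0.1 / 10.8.0.2) belongs to the server, so client slots are 1..63.
client_ip() {
    local slot="$1"
    if [ "$slot" -lt 1 ] || [ "$slot" -gt 63 ]; then
        echo "slot must be 1..63" >&2
        return 1
    fi
    echo "${VPN_PREFIX}.$((slot * 4 + 2))"
}

peer_ip() { echo "${VPN_PREFIX}.$(( $1 * 4 + 1 ))"; }

# Write ccd/<CN>. OpenVPN picks the file whose name equals the certificate's common name,
# so the CN is restricted to a safe character set before it is used as a path.
write_ccd() {
    local ccd_dir="$1" cn="$2" slot="$3" ip
    ip=$(client_ip "$slot") || return 1
    case $cn in
        ''|*[!A-Za-z0-9._-]*) echo "unsafe CN: $cn" >&2; return 1 ;;
    esac
    mkdir -p "$ccd_dir"
    printf 'ifconfig-push %s %s\n' "$ip" "$(peer_ip "$slot")" > "$ccd_dir/$cn"
}

# Print (do not apply) the rule that maps one client's /32 to its own public address.
snat_rule() {
    local slot="$1" public_ip="$2" ip
    ip=$(client_ip "$slot") || return 1
    echo "iptables -t nat -A POSTROUTING -s ${ip}/32 -j SNAT --to-source ${public_ip}"
}

# Demo with constructed clients; rules are only printed.
out=$(mktemp -d)
slot=1
for entry in alice:203.0.113.10 bob:203.0.113.11; do
    write_ccd "$out/ccd" "${entry%%:*}" "$slot"
    snat_rule "$slot" "${entry#*:}"
    slot=$((slot + 1))
done
echo "ccd files written to $out/ccd; server.conf needs: client-config-dir $out/ccd"
```

The per-client SNAT rules have to come before any general MASQUERADE rule for the tunnel subnet, and `duplicate-cn` has to stay off, since one fixed address per certificate is what rules out two simultaneous connections on the same cert.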

#52 2013-12-23 21:42:26

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

Great code that installed very fast - but can't get it up and running.
Any ideas?

Mon Dec 23 18:39:39 2013 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Mon Dec 23 18:39:39 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Mon Dec 23 18:39:39 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 23 18:39:39 2013 LZO compression initialized
Mon Dec 23 18:39:39 2013 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Mon Dec 23 18:39:39 2013 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Mon Dec 23 18:39:39 2013 Local Options hash (VER=V4): '41690919'
Mon Dec 23 18:39:39 2013 Expected Remote Options hash (VER=V4): '530fdded'
Mon Dec 23 18:39:39 2013 UDPv4 link local: [undef]
Mon Dec 23 18:39:39 2013 UDPv4 link remote: xx.xx.xx.xx:1194
Mon Dec 23 18:39:40 2013 TLS: Initial packet from xx.xx.xx.xx:1194, sid=e1c91dd3 0e1e77af
Mon Dec 23 18:39:42 2013 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/[email protected]
Mon Dec 23 18:39:42 2013 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/OU=changeme/CN=changeme/name=changeme/[email protected]
Mon Dec 23 18:39:48 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 23 18:39:48 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 23 18:39:48 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 23 18:39:48 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 23 18:39:48 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Dec 23 18:39:48 2013 [changeme] Peer Connection Initiated with xx.xx.xx.xx:1194
Mon Dec 23 18:39:49 2013 SENT CONTROL [changeme]: 'PUSH_REQUEST' (status=1)
Mon Dec 23 18:39:49 2013 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Dec 23 18:39:49 2013 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: topology (2.0.9)
Mon Dec 23 18:39:49 2013 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 23 18:39:49 2013 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 23 18:39:49 2013 OPTIONS IMPORT: route options modified
Mon Dec 23 18:39:49 2013 TAP-WIN32 device [Local Area Connection 55] opened: \\.\Global\{91AD6883-24DB-48F3-9443-CB73FDEB8B85}.tap
Mon Dec 23 18:39:49 2013 TAP-Win32 Driver Version 8.4
Mon Dec 23 18:39:49 2013 TAP-Win32 MTU=1500
Mon Dec 23 18:39:49 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {91AD6883-24DB-48F3-9443-CB73FDEB8B85} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Mon Dec 23 18:39:49 2013 Successful ARP Flush on interface [3] {91AD6883-24DB-48F3-9443-CB73FDEB8B85}
Mon Dec 23 18:39:49 2013 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Dec 23 18:39:49 2013 Route: Waiting for TUN/TAP interface to come up...
Mon Dec 23 18:39:51 2013 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Dec 23 18:39:51 2013 Route: Waiting for TUN/TAP interface to come up...
Mon Dec 23 18:39:52 2013 TEST ROUTES: 0/0 succeeded len=1 ret=0 a=0 u/d=down
Mon Dec 23 18:39:52 2013 Route: Waiting for TUN/TAP interface to come up...
Mon Dec 23 18:39:53 2013 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Mon Dec 23 18:39:53 2013 route ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Mon Dec 23 18:39:53 2013 Route addition via IPAPI succeeded
Mon Dec 23 18:39:53 2013 Initialization Sequence Completed

Offline

#53 2013-12-23 21:50:19

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,297
Website

Re: OpenVPN automated installer

Is port 1194 assigned to your vps?

Offline

#54 2013-12-23 21:55:52

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

Thanks for the reply!
Client.config:

client
dev tun
proto udp
remote XX.XX.XX.XX 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 3

Offline

#55 2013-12-23 22:06:54

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

You can't use port 1194 over the NAT in LowEndSpirit.

Use the removal function included with the script and reinstall using one of your NATed ports.

Offline

#56 2013-12-23 22:12:31

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

Sorry, my mistake - this is not installed on a LowEndSpirit.  It's a regular VPS. Just erhem "borrowed" your script and ported over 1194 both ends.

Last edited by sally (2013-12-23 22:14:09)

Offline

#57 2013-12-23 22:23:12

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Sorry, I didn't actually read the log, connection to the server works.

Are you running OpenVPN as administrator on Windows?

If so, please paste the output of: ipconfig /all
and: route print

Offline

#58 2013-12-23 22:32:41

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

Running as Admin. OpenVPN runs on the 55 connection.

Windows IP Configuration

        Host Name . . . . . . . . . . . . : ____
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : Yes
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 11a/b/g Wireless LAN Mini PCI Express Adapter
        Physical Address. . . . . . . . . : 00-08-E7-8B-20-10
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.34
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 8.8.8.8
                                            8.8.8.8
        Lease Obtained. . . . . . . . . . : Monday, December 23, 2013 6:38:53 PM

        Lease Expires . . . . . . . . . . : Monday, December 23, 2013 9:38:53 PM


Ethernet adapter Local Area Connection 55:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-91-AD-68-83
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.8.0.6
        Subnet Mask . . . . . . . . . . . : 255.255.255.252
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.8.0.5
        Lease Obtained. . . . . . . . . . : Monday, December 23, 2013 7:28:27 PM

        Lease Expires . . . . . . . . . . : Tuesday, December 23, 2014 7:28:27 PM

Ethernet adapter VirtualBox Host-Only Network:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
        Physical Address. . . . . . . . . : 08-00-27-00-E8-0C
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.56.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Offline

#59 2013-12-23 22:35:08

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

The server, by the way, is running Ubuntu 12.04. And thanks for taking a look!


===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 08 e7 8b 20 10 ...... 11a/b/g Wireless LAN Mini PCI Express Adapter - Packet Scheduler Miniport
0x3 ...00 ff 91 ad 68 83 ...... TAP-Win32 Adapter V8 - Packet Scheduler Miniport
0x4 ...08 00 27 00 e8 0c ...... VirtualBox Host-Only Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.34       25
         10.8.0.1  255.255.255.255         10.8.0.5        10.8.0.6       1
         10.8.0.4  255.255.255.252         10.8.0.6        10.8.0.6       30
         10.8.0.6  255.255.255.255        127.0.0.1       127.0.0.1       30
   10.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0     192.168.1.34    192.168.1.34       25
     192.168.1.34  255.255.255.255        127.0.0.1       127.0.0.1       25
    192.168.1.255  255.255.255.255     192.168.1.34    192.168.1.34       25
     192.168.56.0    255.255.255.0     192.168.56.1    192.168.56.1       20
     192.168.56.1  255.255.255.255        127.0.0.1       127.0.0.1       20
   192.168.56.255  255.255.255.255     192.168.56.1    192.168.56.1       20
        224.0.0.0        240.0.0.0         10.8.0.6        10.8.0.6       30
        224.0.0.0        240.0.0.0     192.168.1.34    192.168.1.34       25
        224.0.0.0        240.0.0.0     192.168.56.1    192.168.56.1       20
  255.255.255.255  255.255.255.255         10.8.0.6        10.8.0.6       1
  255.255.255.255  255.255.255.255     192.168.1.34    192.168.1.34       1
  255.255.255.255  255.255.255.255     192.168.56.1    192.168.56.1       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

Last edited by sally (2013-12-23 23:15:33)

Offline

#60 2013-12-23 23:31:27

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Default route isn't being set.

If you are 100% sure that OpenVPN is running as an administrator on Windows, please update to the latest version and let us know if problem persists.

You haven't modified anything on the client.conf, right?

Offline

#61 2013-12-23 23:36:05

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

Nope, client config is unchanged. Thanks!

Offline

#62 2013-12-23 23:46:10

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Then update to the latest version of OpenVPN and let us know.

Offline

#63 2013-12-23 23:58:31

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

I think this is the latest version. According to openvpn.se:
Latest stable release: 1.0.3 with OpenVPN 2.0.9

Offline

#64 2013-12-24 00:17:31

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Offline

#65 2013-12-24 01:12:07

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

New version installed - and still no default gateway on the Tap Win32 Adapter.
Client > Server pings no problem.

Offline

#66 2013-12-24 01:17:04

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Can you please try on a different client? If not, can you please send me a test certificate to try?

Additionally, please paste the log using the new version, just to be sure.

Offline

#67 2013-12-24 01:22:18

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

Another client not possible right now.
Not sure where the test cert is located?? Thanks!

Mon Dec 23 22:03:56 2013 OpenVPN 2.3.2 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Enter Management Password:
Mon Dec 23 22:03:56 2013 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Mon Dec 23 22:03:56 2013 Need hold release from management interface, waiting...
Mon Dec 23 22:03:57 2013 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Mon Dec 23 22:03:57 2013 MANAGEMENT: CMD 'state on'
Mon Dec 23 22:03:57 2013 MANAGEMENT: CMD 'log all on'
Mon Dec 23 22:03:57 2013 MANAGEMENT: CMD 'hold off'
Mon Dec 23 22:03:57 2013 MANAGEMENT: CMD 'hold release'
Mon Dec 23 22:03:57 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 23 22:03:57 2013 Socket Buffers: R=[8192->8192] S=[8192->8192]
Mon Dec 23 22:03:57 2013 UDPv4 link local: [undef]
Mon Dec 23 22:03:57 2013 UDPv4 link remote: [AF_INET]xx.xx.xx.xx:1194
Mon Dec 23 22:03:57 2013 MANAGEMENT: >STATE:1387847037,WAIT,,,
Mon Dec 23 22:03:57 2013 MANAGEMENT: >STATE:1387847037,AUTH,,,
Mon Dec 23 22:03:57 2013 TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=2afc254f f5632bf7
Mon Dec 23 22:03:59 2013 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, name=changeme, [email protected]
Mon Dec 23 22:03:59 2013 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=changeme, name=changeme, [email protected]
Mon Dec 23 22:04:04 2013 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 23 22:04:04 2013 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 23 22:04:04 2013 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 23 22:04:04 2013 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Dec 23 22:04:04 2013 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mon Dec 23 22:04:04 2013 [changeme] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1194
Mon Dec 23 22:04:05 2013 MANAGEMENT: >STATE:1387847045,GET_CONFIG,,,
Mon Dec 23 22:04:06 2013 SENT CONTROL [changeme]: 'PUSH_REQUEST' (status=1)
Mon Dec 23 22:04:07 2013 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Dec 23 22:04:07 2013 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 23 22:04:07 2013 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 23 22:04:07 2013 OPTIONS IMPORT: route options modified
Mon Dec 23 22:04:07 2013 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Mon Dec 23 22:04:07 2013 MANAGEMENT: >STATE:1387847047,ASSIGN_IP,,10.8.0.6,
Mon Dec 23 22:04:07 2013 open_tun, tt->ipv6=0
Mon Dec 23 22:04:07 2013 TAP-WIN32 device [Local Area Connection 56] opened: \\.\Global\{78C38FED-AD0B-467A-A577-236092B02FC5}.tap
Mon Dec 23 22:04:07 2013 TAP-Windows Driver Version 9.9
Mon Dec 23 22:04:07 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {78C38FED-AD0B-467A-A577-236092B02FC5} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Mon Dec 23 22:04:07 2013 Successful ARP Flush on interface [131075] {78C38FED-AD0B-467A-A577-236092B02FC5}
Mon Dec 23 22:04:12 2013 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Mon Dec 23 22:04:12 2013 MANAGEMENT: >STATE:1387847052,ADD_ROUTES,,,
Mon Dec 23 22:04:12 2013 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Mon Dec 23 22:04:12 2013 Route addition via IPAPI succeeded [adaptive]
Mon Dec 23 22:04:12 2013 Initialization Sequence Completed
Mon Dec 23 22:04:12 2013 MANAGEMENT: >STATE:1387847052,CONNECTED,SUCCESS,10.8.0.6,xx.xx.xx.xx

Last edited by sally (2014-01-04 04:36:07)

Offline

#68 2013-12-24 01:39:22

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

Sorry, but I don't understand why the default route isn't set on Windows.

You should try on a different client, but I am not a Windows guy so maybe I am missing something...

By a test certificate I simply meant a client cert on the server, so I could debug. But try first on a different client, since I think this is related to your particular setup.

Offline

#69 2013-12-24 01:43:46

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

Okay, it looks like the problem is on my laptop here. I'll try another client when I get the chance.
Thanks a lot for all your help!!

Offline

#70 2013-12-24 21:15:21

sally
Trusted Member
Registered: 2013-12-23
Posts: 11

Re: OpenVPN automated installer

Up and working by adding the following to server.conf:

"redirect-gateway def1"

Thanks again for your help Nyr!!

Offline
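
Added example, not from any post in the thread: a check over an OpenVPN client log for what the logs above show, namely a PUSH_REPLY without redirect-gateway (so no default route is installed), a pushed option the 2.0.9 client rejects, and the server certificate verification warning. The sample lines are copied from the 2.0.9 log posted earlier; the function names and finding labels are made up for this example.

```bash
#!/usr/bin/env bash
# Added example: triage an OpenVPN client log for the issues visible in this thread.
set -eu

# Sample input: four lines taken from the 2.0.9 client log posted in the thread.
sample_log() {
    cat <<'EOF'
Mon Dec 23 18:39:39 2013 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Mon Dec 23 18:39:49 2013 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Mon Dec 23 18:39:49 2013 Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:2: topology (2.0.9)
Mon Dec 23 18:39:53 2013 Initialization Sequence Completed
EOF
}

# Print the options of the last PUSH_REPLY in the log, one per line.
pushed_options() {
    sed -n "s/.*PUSH: Received control message: 'PUSH_REPLY,\(.*\)'.*/\1/p" "$1" |
        tail -n 1 | tr ',' '\n'
}

# Emit one finding label per line; empty output means nothing was flagged.
check_client_log() {
    log="$1"
    opts=$(pushed_options "$log")
    if [ -z "$opts" ]; then
        echo "NO_PUSH_REPLY"
        return 0
    fi
    # Without redirect-gateway only the tunnel routes are added and the
    # default route stays on the LAN gateway, as in the route print above.
    if ! echo "$opts" | grep -q '^redirect-gateway'; then
        echo "NO_REDIRECT_GATEWAY"
    fi
    # The client is too old for something the server pushed.
    if grep -q 'Options error: Unrecognized option.*\[PUSH-OPTIONS\]' "$log"; then
        echo "UNSUPPORTED_PUSHED_OPTION"
    fi
    # The client accepts any certificate signed by the CA as "the server".
    if grep -q 'No server certificate verification method has been enabled' "$log"; then
        echo "NO_SERVER_CERT_VERIFICATION"
    fi
    return 0
}

# Demo on the embedded sample.
demo_log=$(mktemp)
sample_log > "$demo_log"
check_client_log "$demo_log"
rm -f "$demo_log"
```

A server delivers the option to clients with `push "redirect-gateway def1"`. The verification warning goes away once the client config carries `remote-cert-tls server` (OpenVPN 2.1 and later), provided the server certificate was issued as a server certificate.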

#71 2013-12-24 21:24:28

0x004a
Trusted Member
Registered: 2013-10-15
Posts: 135

Re: OpenVPN automated installer

@sally, @nyr's script sets that by default.

So still not sure what happened to you?

Offline

#72 2013-12-24 22:01:20

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,297
Website

Re: OpenVPN automated installer

If it was a Windows (client) problem, probably "run as administrator"

That's the most common problem today. :)

Offline

#73 2014-01-25 22:24:35

just4sc
Member
Registered: 2014-01-25
Posts: 4

Re: OpenVPN automated installer

I'm using the OpenVPN client on my Android phone and don't know how to get the LowEndSpirit VPS to work. On my other VPS I just go to the import profile and give it my IPv4 address and it automatically imports the profile to work. When I try using the Italy IPv4 address and my assigned port it gives me a connection refused. Is there something else I need to do? Thanks!

Offline

#74 2014-01-25 23:03:14

Nyr
Trusted Member
Registered: 2013-03-04
Posts: 335

Re: OpenVPN automated installer

just4sc wrote:

I'm using the OpenVPN client on my Android phone and don't know how to get the LowEndSpirit VPS to work. On my other VPS I just go to the import profile and give it my IPv4 address and it automatically imports the profile to work. When I try using the Italy IPv4 address and my assigned port it gives me a connection refused. Is there something else I need to do? Thanks!

Paste client connection log so we can know what's wrong.

Offline

#75 2014-01-25 23:24:01

just4sc
Member
Registered: 2014-01-25
Posts: 4

Re: OpenVPN automated installer

Thanks. I actually got it to work. I didn't see the option to import from SD card so I was trying to manually input everything and I guess I must have left something out. It worked when I used the import function to import the client config files. Thanks for the fast response, though!

Offline
